Blame SOURCES/0003-systemd-account-for-unlocking-failures-in-clevis-luk.patch

9742fa
From 678ef82dd5608439c9a4222c594ab66d69009f06 Mon Sep 17 00:00:00 2001
91b2d5
From: Sergio Correia <scorreia@redhat.com>
91b2d5
Date: Fri, 29 Oct 2021 12:04:46 -0300
91b2d5
Subject: [PATCH 3/3] systemd: account for unlocking failures in
91b2d5
 clevis-luks-askpass (#343)
91b2d5
91b2d5
As unlock may fail for some reason, e.g. the network is not up yet,
91b2d5
one way cause problems would be to add extra `rd.luks.uuid' params
91b2d5
to the cmdline, which would then cause such devices to be unlocked
91b2d5
in early boot. If the unlocking fail, those devices might not be
91b2d5
accounted for in the clevis_devices_to_unlock() check, as it is
91b2d5
based on crypttab.
91b2d5
91b2d5
Let's make sure there are no pending ask.* sockets waiting to be
91b2d5
answered, before exiting.
91b2d5
91b2d5
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1878892
91b2d5
---
91b2d5
 src/luks/systemd/clevis-luks-askpass | 5 ++++-
91b2d5
 1 file changed, 4 insertions(+), 1 deletion(-)
91b2d5
91b2d5
diff --git a/src/luks/systemd/clevis-luks-askpass b/src/luks/systemd/clevis-luks-askpass
91b2d5
index 285bba4..f19671f 100755
91b2d5
--- a/src/luks/systemd/clevis-luks-askpass
91b2d5
+++ b/src/luks/systemd/clevis-luks-askpass
91b2d5
@@ -67,8 +67,11 @@ while true; do
91b2d5
     done
91b2d5
 
91b2d5
     [ "${loop}" != true ] && break
91b2d5
+
91b2d5
     # Checking for pending devices to be unlocked.
91b2d5
-    if remaining=$(clevis_devices_to_unlock) && [ -z "${remaining}" ]; then
91b2d5
+    remaining_crypttab=$(clevis_devices_to_unlock) ||:
91b2d5
+    remaining_askfiles=$(ls "${path}"/ask.* 2>/dev/null) ||:
91b2d5
+    if [ -z "${remaining_crypttab}" ] && [ -z "${remaining_askfiles}" ]; then
91b2d5
         break;
91b2d5
     fi
91b2d5
 
91b2d5
-- 
91b2d5
2.33.1
91b2d5